Microsoft Ups IE Flaw to 'Critical'

Have you seen that Internet Explorer cumulative patch offering itself to you recently? Maybe you had better think about taking it: Microsoft in their infinite wisdom have upped the security flaws that the patch addresses to "Critical" level.

"The patch, released last Wednesday, fixes a vulnerability in IE 5.5 and 6.0 in the browser's cross-domain security model. The software performs incomplete security checks when certain object caching techniques are used in Web pages.....

....Microsoft's original bulletin said that an attacker could not use the flaw to run code on a user's machine, and the vulnerability was rated "moderate." However, a Danish security expert, well-known for finding vulnerabilities in IE, disputed this claim, saying that the flaw could be used to execute code on vulnerable machines....

...As a result, the company upgraded the severity of the vulnerability to "critical," the most severe rating...."